-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-abe1e34fdb 2024-03-29 00:16:07.816413 --------------------------------------------------------------------------------

Name : onnx Product : Fedora 40 Version : 1.14.1 Release : 2.fc40 URL : https://github.com/onnx/onnx Summary : Open standard for machine learning interoperability Description : onnx provides an open source format for AI models, both deep learning and traditional ML. It defines an extensible computation graph model, as well as definitions of built-in operators and standard data types.

-------------------------------------------------------------------------------- Update Information:

Security fix for CVE-2024-27318 and CVE-2024-27319 -------------------------------------------------------------------------------- ChangeLog:

* Sat Feb 24 2024 Alejandro Alvarez Ayllon a.alvarezayllon@gmail.com - 1.14.1-2 - Backport of fixes for CVE-2024-27318 and CVE-2024-27319 * Wed Feb 21 2024 Diego Herrera C dherrera@redhat.com- 1.14.1-1 - Release 1.14.1 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2265737 - CVE-2024-27318 onnx: directory traversal https://bugzilla.redhat.com/show_bug.cgi?id=2265737 [ 2 ] Bug #2265739 - CVE-2024-27319 onnx: oob read https://bugzilla.redhat.com/show_bug.cgi?id=2265739 --------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-abe1e34fdb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------